Red Hat · Infrastruttura · YoctoIT tech page

Satellite

Lifecycle for your RHEL estate: patching, provisioning and compliance across hundreds of systems, from a single console.

FOCUS · THE ESTATE UNDER CONTROLContent views, patches in waves and measured compliance: patching as a process
YoctoIT material for clients and partners · Red Hat, RHEL, OpenShift, Ansible and the other products mentioned are trademarks of Red Hat, Inc. o di sue affiliate.
01 · What it is

Red Hat Satellite, made clear.

Satellite governs the lifecycle of every RHEL system: content mirrors, versioned content views, patches promoted per environment (dev → test → prod), automatic provisioning and OpenSCAP compliance reports. It's the tool that turns 'updating servers' into a process with evidence.

Content view
versioned repository snapshots: prod updates what test has already validated
OpenSCAP
CIS/STIG compliance measured and remediated, with reports for the audits
Provisioning
kickstarts and images: the new server is born compliant
Red Hat Satellite
OFFICIAL RED HAT BRANDING · SATELLITE
CONSOLE REALE · SATELLITE · FONTE: RED HAT DOCS
REAL CONSOLE · SATELLITE · SOURCE: RED HAT DOCS
02 · How to use it well

The things that make the difference.

The content flow

Red Hat CDNofficial errata and packages
Library
Test
Prod
content views promoted by stage
Satellite servermirrors, policies, host groups
The RHEL estatephysical, virtual, cloud
Patches travel by stage, not by chance

Errata in waves

Test systems first, then production in windows: the process our run-books apply every month.

Compliance baselines

SCAP profiles assigned by role: drift from the baseline is seen and remediated.

Repeatable provisioning

Host groups and kickstarts: the 'new server' identical to the proven one, in minutes.

Ansible integration

Satellite + Automation Platform: dynamic inventory and automated remediation.

03 · In depth

Content views and staged patching

Satellite organizes content in lifecycle environments (Library→Test→Prod): content views freeze signed repo versions, activation keys enroll hosts with the right channels, errata are applied by group with windows. Underneath: Capsule servers for remote sites, OpenSCAP for compliance, remote execution for orchestrated commands, PXE/image provisioning with host groups inheriting everything.

  • Content view — the signed repo snapshot: prod installs only what test validated
  • Lifecycle env — Library→Test→Prod: promotion is a tracked click
  • Errata management — security/bugfix/enhancement filtered and applied in waves
  • Capsule — the content proxy in the branch: fast patches even remotely
  • OpenSCAP — scheduled CIS/STIG profiles with remediation: compliance measured
  • Remote execution — signed jobs across thousands of hosts: orchestration without artisanal SSH
04 · Numbers and lifecycle

The numbers that matter.

3+
the typical lifecycle stages: patching as a pipeline
10k+
the hosts manageable by one Satellite/Capsule pair
CVE
RHSA errata tracked per host: who's exposed, immediately
2/anno
the Satellite releases to plan (n-1 supported)
Fleet patching is our bread and butter: content views, waves and OpenSCAP reports managed from our NOC — with evidence ready for NIS2.
05 · Use cases

Where it really pays off.

Large RHEL estates

From dozens to thousands of hosts with the same process.

Regulated environments

The patching evidence NIS2 and auditors demand.

Air-gapped

Red Hat content in isolated networks too, via export/import.

Patching is our daily craft: Satellite is the tool, YoctoIT run-books the method.